• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

SpadeAltairBPS.exe

I found an app installed that I cannot uninstall.  The name is SSO.  When I try to uninstall it I get the message that the uninstaller cannot run.  From what little I can find out the executable is a program called SpadeAltairBPS.exe.  I can find this in the services but it cannot be altered in any way.  I did move the executable over to my second drive and added a .txt extension so as not to accidentally execute it.  Google has nothing on this file, nor does Microsoft.  Norton has nothing either.  Does anyone know what this file / service is and is it safe?

Thanks

Mike Weber

Replies

Kudos0

Re: SpadeAltairBPS.exe

Hi Nadenal:

Just a guess on my part but "SSO" often refers to single sign on - see What Is SSO Login?  The example used in that article is Google's SSO, but if you own a Norton product like Norton Security they also implement a type of SSO where a logging in with a single user name and password gives you access to multiple services (e.g., your Norton account, the Norton forum, etc).

What evidence do you have that an executable called SpadeAltairBPS.exe is associated with this app, and what is the name of the service running in Windows Services?  What device is this app installed on and what is the operating system?

Kudos0

Re: SpadeAltairBPS.exe

It is windows 10 for the os installed on a desktop PC. What little i manage to find out from Google seemed to suggest that this file was affiliated with the sso service. They appeared at the same time. (Mar 30). Windows has not installed updates recently so I do not think it belongs to windows. In the services app it appears as spadealtairbps. I could be wrong and the sso and the spadealtairbps are not related. But when trying to uninstall both of them, the uninstaller gives me the same error message, that it could not be run. And both have dates that are the same. (Mar 30). But I am thinking if it were legit there would be information about the files I could find, and the uninstallers would actually work. Thanks Mike Weber

Kudos1 Stats

Re: SpadeAltairBPS.exe

Nadenal:

It is windows 10 for the os installed on a desktop PC. What little i manage to find out from Google seemed to suggest that this file was affiliated with the sso service. They appeared at the same time. (Mar 30)...

Hi Nadenal:

Sorry, I don't have a Win 10 machine so you'll have to wait for one of the Win 10 users in this forum to jump in and see if your SSO service is typical for a Win 10 installation.  In the mean time you might want to post back with your Win 10 version and build number - see the How-To Geek article How to Find Out Which Build and Version of Windows 10 You Have.

The fact that you can't manually delete these files isn't necessarily concerning - your Windows user account might not have sufficient privileges or the files might be loaded into memory and in use by the system.  Like you, I couldn't find any information about SpadeAltairBPS.exe (although a Google search for combinations of words like "Spade" and "Altair" turned up results that could be associated with online gaming). If you can locate this executable in Windows Explorer do the file properties show if the file is digitally signed and who distributed the file?  Here's an example of what I see if I search for the main Norton executable nortonsecurity.exe in C:\Program Files\Norton Security\Engine\:


If you can locate SpadeAltairBPS.exe then upload it to VirusTotal (https://www.virustotal.com/gui/home/upload) for analysis by ~ 60 antivirus scan engines.  If I submit nortonsecurity.exe, for example, it calculates the SHA256 hash (digital fingerprint) of this file and the report at https://www.virustotal.com/gui/file/63f1ab97e5d376be792952d382a8f80b4bf18ae849a97c8238c51edfb01fd3fb/detection shows that 0 of 68 virus scan engines found this file was suspicious / malicious.  A higher detection rate for SpadeAltairBPS.exe (e.g., 7 / 65) would indicate this file was flagged as suspicious / malicious by at least 7 virus scan engines

If a full system scan with Norton (or what ever antivirus you use on your computer) doesn't detect any threats and you're still concerned your system is infected with malware or a lower-risk PUP (potentially unwanted program) then try a second opinion scan with the free Malwarebytes scanner (for Win 7 and higher: https://www.malwarebytes.com/mwb-download/; for Win XP/Vista: https://downloads.malwarebytes.com/file/mb3_legacy).  See my post in BevStra's thread MyWay Search for installing Malwarebytes Free v3.x and running your first Threat Scan.  It's best to deactivate the 14-day trial of Malwarebytes' real-time protection modules after installation so they don't conflict with your antivirus .
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security v22.15.1.8 * MB v3.5.1-1.0.365

Kudos0

Re: SpadeAltairBPS.exe

Just a note to describe what I did to get rid of this thing.  I uploaded the exe file and 9 of the virus engines detected this as a threat. I ran Malwarebytes and that got rid of most of it. The name was still hanging around in the services though and I could not delete it.  I ended up having to go into regedit and take ownership of that key.  It was in the currentcontrolset/services section.  Then I was able to delete that key from the registry.  I restarted and there is no more traces of this program.  This file was in fact the SSO program from above.  I do not know whose it was but Microsoft had nothing on it.

Anyway thanks for  the help.

Accepted Solution
Kudos0

Re: SpadeAltairBPS.exe

Hi Nadenal:

You're welcome, and thanks for the update.  If you'd like to post the URL for your VirusTotal scan report (it might still be in your browser history) I'd be happy to review the details.

If you haven't already done so, I'd still advise running a Threat Scan with Malwarebytes Free, and then moving on to a Custom (full system) Scan if the Threat Scan doesn't find anything.  If this SpadeAltairBPS.exe file is associated with some type of malware the dropper or other hidden components could still be on your computer and waiting to re-infect you computer.  From the Malwarebytes article Trojan Dropper:

"Downloaders and droppers are helper programs for various types of malware such as Trojans and rootkits. Usually they are implemented as scripts (VB, batch) or small applications.  They don’t carry any malicious activities by themselves, but just open a way for attack by downloading/decompressing and installing the core malicious modules. To avoid detection, a dropper may also create noise around the malicious module by downloading/decompressing some harmless files....."

----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security v22.15.2.22 * MB v3.5.1-1.0.365

Kudos0

Re: SpadeAltairBPS.exe

I did run Malwarebytes but not the custom full scan. But I will do so today. I will check to see if I can find the scan results and post them later.
Kudos0

Re: SpadeAltairBPS.exe

Here is the scan results of the SpadeAltairBPS.exe file

Kudos0

Re: SpadeAltairBPS.exe

Nadenal:

I found an app installed that I cannot uninstall.  The name is SSO.  When I try to uninstall it I get the message that the uninstaller cannot run.  From what little I can find out the executable is a program called SpadeAltairBPS.exe....

Hi Nadenal:

Thanks for the VirusTotal scan results from https://www.virustotal.com/gui/file/c22920715118e0c59e7e74ca4193f5186a06db532abe16dc293c2302f9f57c5d/detection. I still can't find any information on the company AltairSpade LLC that originally released this file but both Symantec and Malwarebytes detect files with this SHA256 hash (digital ID) as suspicious / malicious so I agree it's not something you'd want on your system.

From the Malwarebytes write-up for detection Adware.SpecialSearchOffer:

"Adware.SpecialSearchOffer is usually installed by bundlers. Typically, Adware.SpecialSearchOffer comes as a browser extension on the affected system. The extension changes the default search engine of the affected browser and changes it to a search site that redirects to Yahoo search, while adding sponsored results..."

Note that the indicator of compromise (IOC) listed at the bottom of that write-up is a domain named ssoextension.com.  As a precaution, you might want to clear your browser history as instructed in the How-To Geek article How to Clear Your History in Any Browser in case you still have a cookie or some other trace of this adware stored in your browser.

If you notice any strange behaviour  (e.g., re-directs to unexpected sites or search engines while browsing) or suspect that you still have an active infection on your system after your Malwarebytes Custom (full system) scan be sure to post in Malwarebytes' free Windows Malware Removal Help & Support board and ask one of their malware removal specialists to check your system. See AdvancedSetup's guideline I'm Infected - What Do I Do Now? for instructions on how to attach Farbar Recovery Scan Tool (FRST) diagnostic logs to your initial post.
----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security v22.15.2.22 * MB v3.5.1-1.0.365